1. Field of the Invention
The present invention relates to an illegal communication detector that monitors contents of communications delivered to a server connected to an intra-organizational network or other similar protection-targeted devices, and detects any illegal communication.
2. Description of the Related Art
In recent years, the style of connection to the Internet is diversified. For example, corporate employees can access an intra-corporate server from a personal computer and the like device at their home via a network and perform jobs without actually going to the office or can access the intra-corporate server from the outside to retrieve e-mail.
In such a situation, the intra-corporate server generally performs personal authentication with a user name, password and the like for the purpose of allowing an employee to access the information retained within the server only when the employee is authenticated.
However, if a user name, a password, or other items of information leak out, an illegal action called “spoofing” (pretending to be someone else) can be performed to read information from the intra-corporate server. To avoid such a problem, the degree of stringency of authentication can be increased by use of a technique which uses the information about the employed computer communication card for personal authentication in addition to personal identification information.
However, personal authentication is based on the information existing on the user side as described above. If a malicious user gathers the information about an authorized user, the malicious user can theoretically perform “spoofing”.
Further, illegal communications based on “spoofing” differ from attacks such as DoS and port scan so that it is generally difficult to differentiate “spoofing” from an authorized use.
The present invention is therefore made to address the foregoing problems and provide an illegal communication detector that is capable of detecting and handling an illegal communication such as “spoofing”.